Misaligned access to ip, ipasfrag, qlink, ...
Hi,
Seems to also be reported in: https://lore.kernel.org/qemu-devel/CAO=notxhNUkps9_aLKmy=oDKYC8xsUjErrEMAycwJHjUvkWHRA@mail.gmail.com/
Here is a qemu reproducer (requires an --enable-sanitizers build):
Reproducer
cat << EOF | ./qemu-system-i386 -display none -machine accel=qtest, -m \
512M,slots=4,maxmem=0xffff000000000000 -machine q35 -nodefaults -device \
vmxnet3,netdev=net0 -netdev user,id=net0 -object \
memory-backend-ram,id=mem1,size=10M -device \
pc-dimm,id=nv1,memdev=mem1,addr=0xba19ff00000000 -object \
memory-backend-ram,id=mem2,size=10M -device \
pc-dimm,id=nv2,memdev=mem2,addr=0xbe53e14abaa00000 -object \
memory-backend-ram,id=mem3,size=10M -device \
pc-dimm,id=nv3,memdev=mem3,addr=0xfe0000e9cae00000 -object \
memory-backend-ram,id=mem4,size=10M -device \
pc-dimm,id=nv4,memdev=mem4,addr=0xf0f0f0f00000000 -qtest stdio
outl 0xcf8 0x80000810
outl 0xcfc 0xe0000000
outl 0xcf8 0x80000814
outl 0xcfc 0xe0001000
outl 0xcf8 0x80000804
outw 0xcfc 0x06
write 0x3e 0x1 0x02
write 0x39 0x1 0x20
write 0x29 0x1 0x10
write 0x2c 0x1 0x0f
write 0x2d 0x1 0x0f
write 0x2e 0x1 0x0f
write 0x2f 0x1 0x0f
write 0xf0f0f0f00001012 0x1 0xfe
write 0xf0f0f0f00001013 0x1 0xca
write 0xf0f0f0f00001014 0x1 0xe9
write 0xf0f0f0f00001017 0x1 0xfe
write 0xf0f0f0f0000103a 0x1 0x01
write 0xfe0000e9cafe0009 0x1 0x40
write 0xfe0000e9cafe0019 0x1 0x40
write 0x0 0x1 0xe1
write 0x1 0x1 0xfe
write 0x2 0x1 0xbe
write 0x3 0x1 0xba
writel 0xe0001020 0xcafe0000
write 0xfe0000e9cafe0029 0x1 0x40
write 0xfe0000e9cafe0039 0x1 0x40
write 0xfe0000e9cafe0049 0x1 0x40
write 0xfe0000e9cafe0059 0x1 0x40
write 0x1f65190b 0x1 0x08
write 0x1f65190d 0x1 0x46
write 0x1f65190e 0x1 0x03
write 0x1f651915 0x1 0x01
write 0xfe0000e9cafe0069 0x1 0x40
write 0xfe0000e9cafe0079 0x1 0x40
write 0xfe0000e9cafe0089 0x1 0x40
write 0xfe0000e9cafe0099 0x1 0x40
write 0xfe0000e9cafe009d 0x1 0x10
write 0xfe0000e9cafe00a0 0x1 0xff
write 0xfe0000e9cafe00a1 0x1 0x18
write 0xfe0000e9cafe00a2 0x1 0x65
write 0xfe0000e9cafe00a3 0x1 0x1f
write 0xfe0000e9cafe00a9 0x1 0x40
write 0xfe0000e9cafe00ad 0x1 0x1c
write 0xe0000602 0x1 0x00
EOF
Log
../net/eth.c:54:13: runtime error: member access within misaligned address 0x631000230846 for type 'struct ip_header', which requires 4 byte alignment
0x631000230846: note: pointer points here
00 00 00 00 46 03 00 00 00 00 00 00 01 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
^
SUMMARY: UndefinedBehaviorSanitizer: undefined-behavior ../net/eth.c:54:13 in
../net/eth.c:54:13: runtime error: load of misaligned address 0x631000230846 for type 'uint8_t' (aka 'unsigned char'), which requires 4 byte alignment
0x631000230846: note: pointer points here
00 00 00 00 46 03 00 00 00 00 00 00 01 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
^
SUMMARY: UndefinedBehaviorSanitizer: undefined-behavior ../net/eth.c:54:13 in
../net/eth.c:55:17: runtime error: member access within misaligned address 0x631000230846 for type 'struct ip_header', which requires 4 byte alignment
0x631000230846: note: pointer points here
00 00 00 00 46 03 00 00 00 00 00 00 01 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
^
SUMMARY: UndefinedBehaviorSanitizer: undefined-behavior ../net/eth.c:55:17 in
../net/eth.c:337:41: runtime error: member access within misaligned address 0x631000230846 for type 'struct ip_header', which requires 4 byte alignment
0x631000230846: note: pointer points here
00 00 00 00 46 03 00 00 00 00 00 00 01 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
^
SUMMARY: UndefinedBehaviorSanitizer: undefined-behavior ../net/eth.c:337:41 in
../net/eth.c:339:16: runtime error: member access within misaligned address 0x631000230846 for type 'struct ip_header', which requires 4 byte alignment
0x631000230846: note: pointer points here
00 00 00 00 46 03 00 00 00 00 00 00 01 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
^
SUMMARY: UndefinedBehaviorSanitizer: undefined-behavior ../net/eth.c:339:16 in
../net/eth.c:340:16: runtime error: member access within misaligned address 0x631000230846 for type 'struct ip_header', which requires 4 byte alignment
0x631000230846: note: pointer points here
00 00 00 00 46 03 00 00 00 00 20 00 01 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
^
SUMMARY: UndefinedBehaviorSanitizer: undefined-behavior ../net/eth.c:340:16 in
../net/eth.c:348:12: runtime error: member access within misaligned address 0x631000230846 for type 'struct ip_header', which requires 4 byte alignment
0x631000230846: note: pointer points here
00 00 00 00 46 03 00 18 00 00 20 00 01 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
^
SUMMARY: UndefinedBehaviorSanitizer: undefined-behavior ../net/eth.c:348:12 in
../net/eth.c:349:12: runtime error: member access within misaligned address 0x631000230846 for type 'struct ip_header', which requires 4 byte alignment
0x631000230846: note: pointer points here
00 00 00 00 46 03 00 18 00 00 20 00 01 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
^
SUMMARY: UndefinedBehaviorSanitizer: undefined-behavior ../net/eth.c:349:12 in
../slirp/src/ip_input.c:402:8: runtime error: member access within misaligned address 0x61b0000038fc for type 'struct ipasfrag', which requires 8 byte alignment
0x61b0000038fc: note: pointer points here
be be be be be be 00 00 00 00 00 00 00 00 00 00 00 00 08 00 46 03 00 00 00 00 00 00 01 00 98 e4
^
SUMMARY: UndefinedBehaviorSanitizer: undefined-behavior ../slirp/src/ip_input.c:402:8 in
../slirp/src/ip_input.c:402:8: runtime error: member access within misaligned address 0x61b0000038fc for type 'struct qlink', which requires 8 byte alignment
0x61b0000038fc: note: pointer points here
be be be be be be 00 00 00 00 00 00 00 00 00 00 00 00 08 00 46 03 00 00 00 00 00 00 01 00 98 e4
^
SUMMARY: UndefinedBehaviorSanitizer: undefined-behavior ../slirp/src/ip_input.c:402:8 in
../slirp/src/ip_input.c:402:8: runtime error: store to misaligned address 0x61b000003904 for type 'void *', which requires 8 byte alignment
0x61b000003904: note: pointer points here
00 00 00 00 00 00 00 00 00 00 08 00 46 03 00 00 00 00 00 00 01 00 98 e4 00 00 00 00 00 00 00 00
^
SUMMARY: UndefinedBehaviorSanitizer: undefined-behavior ../slirp/src/ip_input.c:402:8 in
../slirp/src/ip_input.c:403:8: runtime error: member access within misaligned address 0x61b0000038fc for type 'struct ipasfrag', which requires 8 byte alignment
0x61b0000038fc: note: pointer points here
be be be be be be 00 00 00 00 00 00 e0 3f 00 00 b0 61 00 00 46 03 00 00 00 00 00 00 01 00 98 e4
^
SUMMARY: UndefinedBehaviorSanitizer: undefined-behavior ../slirp/src/ip_input.c:403:8 in
../slirp/src/ip_input.c:403:8: runtime error: member access within misaligned address 0x61b0000038fc for type 'struct qlink', which requires 8 byte alignment
0x61b0000038fc: note: pointer points here
be be be be be be 00 00 00 00 00 00 e0 3f 00 00 b0 61 00 00 46 03 00 00 00 00 00 00 01 00 98 e4
^
SUMMARY: UndefinedBehaviorSanitizer: undefined-behavior ../slirp/src/ip_input.c:403:8 in
../slirp/src/ip_input.c:403:8: runtime error: store to misaligned address 0x61b0000038fc for type 'void *', which requires 8 byte alignment
0x61b0000038fc: note: pointer points here
be be be be be be 00 00 00 00 00 00 e0 3f 00 00 b0 61 00 00 46 03 00 00 00 00 00 00 01 00 98 e4
^
SUMMARY: UndefinedBehaviorSanitizer: undefined-behavior ../slirp/src/ip_input.c:403:8 in
../slirp/src/ip_input.c:320:16: runtime error: member access within misaligned address 0x61b0000038fc for type 'struct ipasfrag', which requires 8 byte alignment
0x61b0000038fc: note: pointer points here
be be be be e0 3f 00 00 b0 61 00 00 e0 3f 00 00 b0 61 00 00 46 03 00 00 00 00 00 00 01 00 98 e4
^
SUMMARY: UndefinedBehaviorSanitizer: undefined-behavior ../slirp/src/ip_input.c:320:16 in
../slirp/src/ip_input.c:320:16: runtime error: member access within misaligned address 0x61b00000390c for type 'struct ip', which requires 8 byte alignment
0x61b00000390c: note: pointer points here
b0 61 00 00 46 03 00 00 00 00 00 00 01 00 98 e4 00 00 00 00 00 00 00 00 00 00 00 00 be be be be
^
SUMMARY: UndefinedBehaviorSanitizer: undefined-behavior ../slirp/src/ip_input.c:320:16 in
../slirp/src/ip_input.c:322:20: runtime error: member access within misaligned address 0x61b0000038fc for type 'struct ipasfrag', which requires 8 byte alignment
0x61b0000038fc: note: pointer points here
be be be be e0 3f 00 00 b0 61 00 00 e0 3f 00 00 b0 61 00 00 46 03 00 00 00 00 00 00 01 00 98 e4
^
SUMMARY: UndefinedBehaviorSanitizer: undefined-behavior ../slirp/src/ip_input.c:322:20 in
../slirp/src/ip_input.c:322:20: runtime error: member access within misaligned address 0x61b00000390c for type 'struct ip', which requires 8 byte alignment
0x61b00000390c: note: pointer points here
b0 61 00 00 46 03 00 00 00 00 00 00 01 00 98 e4 00 00 00 00 00 00 00 00 00 00 00 00 be be be be
^
SUMMARY: UndefinedBehaviorSanitizer: undefined-behavior ../slirp/src/ip_input.c:322:20 in
../slirp/src/ip_input.c:319:17: runtime error: member access within misaligned address 0x61b0000038fc for type 'struct ipasfrag', which requires 8 byte alignment
0x61b0000038fc: note: pointer points here
be be be be e0 3f 00 00 b0 61 00 00 e0 3f 00 00 b0 61 00 00 46 03 00 00 00 00 00 00 01 00 98 e4
^
SUMMARY: UndefinedBehaviorSanitizer: undefined-behavior ../slirp/src/ip_input.c:319:17 in
../slirp/src/ip_input.c:319:17: runtime error: member access within misaligned address 0x61b0000038fc for type 'struct qlink', which requires 8 byte alignment
0x61b0000038fc: note: pointer points here
be be be be e0 3f 00 00 b0 61 00 00 e0 3f 00 00 b0 61 00 00 46 03 00 00 00 00 00 00 01 00 98 e4
^
SUMMARY: UndefinedBehaviorSanitizer: undefined-behavior ../slirp/src/ip_input.c:319:17 in
../slirp/src/ip_input.c:319:17: runtime error: load of misaligned address 0x61b0000038fc for type 'void *', which requires 8 byte alignment
0x61b0000038fc: note: pointer points here
be be be be e0 3f 00 00 b0 61 00 00 e0 3f 00 00 b0 61 00 00 46 03 00 00 00 00 00 00 01 00 98 e4
^
SUMMARY: UndefinedBehaviorSanitizer: undefined-behavior ../slirp/src/ip_input.c:319:17 in
../slirp/src/ip_input.c:324:45: runtime error: member access within misaligned address 0x61b0000038fc for type 'struct ipasfrag', which requires 8 byte alignment
0x61b0000038fc: note: pointer points here
be be be be e0 3f 00 00 b0 61 00 00 e0 3f 00 00 b0 61 00 00 46 03 00 00 00 00 00 00 01 00 98 e4
^
SUMMARY: UndefinedBehaviorSanitizer: undefined-behavior ../slirp/src/ip_input.c:324:45 in
../slirp/src/ip_input.c:324:45: runtime error: member access within misaligned address 0x61b00000390c for type 'struct ip', which requires 8 byte alignment
0x61b00000390c: note: pointer points here
b0 61 00 00 46 03 00 00 00 00 00 00 01 00 98 e4 00 00 00 00 00 00 00 00 00 00 00 00 be be be be
^
SUMMARY: UndefinedBehaviorSanitizer: undefined-behavior ../slirp/src/ip_input.c:324:45 in
Thanks
Edited by Alex B
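The first batch of reports above (net/eth.c, struct ip_header) gives an address ending in 0x...846, which is 2 bytes short of 4-byte alignment, the residue an IP header gets when it directly follows a 14-byte Ethernet header in an aligned buffer. The C below is an added illustration, not QEMU or libslirp code: it rebuilds that situation with a constructed frame and a hypothetical unpacked `ip_header` mirror, shows that the struct cast would be misaligned, and reads the header through memcpy and byte-wise accessors instead, which have no alignment precondition.

```c
#include <stdint.h>
#include <string.h>

#define ETH_HLEN 14   /* dst MAC + src MAC + ethertype */

/* Hypothetical, unpacked mirror of the IPv4 header (not QEMU's net/eth.h):
 * the two uint32_t address fields give it 4-byte alignment, which is what
 * the "requires 4 byte alignment" lines in the log refer to. */
struct ip_header {
    uint8_t  ip_ver_len, ip_tos;
    uint16_t ip_len, ip_id, ip_off;
    uint8_t  ip_ttl, ip_p;
    uint16_t ip_sum;
    uint32_t ip_src, ip_dst;
};

/* Constructed sample: Ethernet header, then a 20-byte IPv4 header for a
 * first fragment (MF set, offset 0, total length 40, proto UDP). The array
 * is 4-byte aligned on purpose, so only the embedded IP header is off. */
static _Alignas(4) const uint8_t SAMPLE_FRAME[ETH_HLEN + sizeof(struct ip_header)] = {
    0x52, 0x54, 0x00, 0x12, 0x34, 0x56,  0x52, 0x54, 0x00, 0x65, 0x43, 0x21,  0x08, 0x00,
    0x45, 0x00,  0x00, 0x28,  0xbe, 0xef,  0x20, 0x00,  0x40, 0x11,  0x00, 0x00,
    0x0a, 0x00, 0x02, 0x0f,  0x0a, 0x00, 0x02, 0x02,
};

/* 1 if "(struct ip_header *)(frame + ETH_HLEN)" would be properly aligned.
 * With a 14-byte Ethernet header the pointer is 2 bytes off, the same
 * residue as 0x...0846 mod 4 in the sanitizer output. */
int ip_header_is_aligned(const uint8_t *frame)
{
    return (uintptr_t)(frame + ETH_HLEN) % _Alignof(struct ip_header) == 0;
}

/* Alignment-safe alternative to the cast: memcpy has no alignment
 * precondition, so the header is copied into a properly aligned local. */
struct ip_header ip_header_read(const uint8_t *frame)
{
    struct ip_header h;
    memcpy(&h, frame + ETH_HLEN, sizeof h);
    return h;
}

/* Multi-byte fields are big-endian on the wire; assemble them byte by byte
 * so the result is host-order and independent of the buffer's alignment. */
static uint16_t be16(const uint8_t *p) { return (uint16_t)(p[0] << 8 | p[1]); }
uint16_t ip_total_len(const uint8_t *f)  { return be16(f + ETH_HLEN + 2); }
int      ip_more_frags(const uint8_t *f) { return (be16(f + ETH_HLEN + 6) & 0x2000) != 0; }
uint16_t ip_frag_bytes(const uint8_t *f) { return (be16(f + ETH_HLEN + 6) & 0x1fff) * 8; }
```

Reserving 2 bytes of headroom in front of the Ethernet header (the `SAMPLE_FRAME + 2` case) is the other common fix, since it puts the IP header back on a 4-byte boundary.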